|
|
|
@ -14,6 +14,93 @@ the images can be found below as well.
|
|
|
|
|
https://downloads.opnsense.com/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
--------------------------------------------------------------------------
|
|
|
|
|
21.4.3 (August 11, 2021)
|
|
|
|
|
--------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
This business release is based on the OPNsense 21.1.8 community version
|
|
|
|
|
with additional reliability improvements.
|
|
|
|
|
|
|
|
|
|
The OpenVPN advisory tracked as CVE-2020-15078 does not affect the provided
|
|
|
|
|
version 2.4.11, but the security audit will falsely flag it as vulnerable
|
|
|
|
|
because the source of the audit is FreeBSD where OpenVPN was migrated to 2.5
|
|
|
|
|
series already.
|
|
|
|
|
|
|
|
|
|
Here are the full patch notes:
|
|
|
|
|
|
|
|
|
|
* system: use ifinfo counters instead of pfctl in interface widget
|
|
|
|
|
* system: prevent excessive config writes on LDAP import
|
|
|
|
|
* system: do not split XMLRPC password into multiple pieces
|
|
|
|
|
* system: fix IPv4 /31 assignment address assignment in shell
|
|
|
|
|
* system: raised PHP memory limit to 1G
|
|
|
|
|
* system: enable group sync for LDAP servers that do not return memberOf (contributed by rdd2)
|
|
|
|
|
* system: isvalidpid() is not required for a single killbypid()
|
|
|
|
|
* system: hide far gateway option for IPv6
|
|
|
|
|
* system: Norwegian translation (contributed by Stein-Aksel Basma)
|
|
|
|
|
* system: add HA sync entry for live log templates
|
|
|
|
|
* system: add shell inactivity timeout feature for csh/tcsh
|
|
|
|
|
* system: add Syslog-ng TLS transport options
|
|
|
|
|
* system: remove unrelated service restarts from filter_configure_xmlrpc()
|
|
|
|
|
* system: rotate interface statistics widget (contributed by FingerlessGloves)
|
|
|
|
|
* interfaces: clear PPPoE SLAAC addresses on linkdown
|
|
|
|
|
* interfaces: do not check for existing CARP interfaces midstream
|
|
|
|
|
* interfaces: refactor IP address removal on configure
|
|
|
|
|
* interfaces: set tunnel flag for IPv4 tunnel plus cleanups
|
|
|
|
|
* interfaces: interface_configure() checks for enabled already
|
|
|
|
|
* firewall: make sure net.pf.request_maxcount and table-entries are always aligned
|
|
|
|
|
* firewall: add live log support for new filterlog format
|
|
|
|
|
* firewall: set label for obsolete rule in live log (contributed by kulikov-a)
|
|
|
|
|
* firewall: let live log use the newly provided rule log label instead of guessing it
|
|
|
|
|
* firewall: calculate wildcard netmasks in aliases
|
|
|
|
|
* dhcp: fix processing domain search list on static IPv6
|
|
|
|
|
* dhcp: support ignore-client-uids in DHCPv4 (contributed by Kacper Why)
|
|
|
|
|
* firmware: mask subscription in GUI output
|
|
|
|
|
* firmware: add version/date header into check script as well
|
|
|
|
|
* firmware: show update pending hint in system widget
|
|
|
|
|
* firmware: add "-q" option for in-place opnsense-bootstrap run
|
|
|
|
|
* firmware: fix grep call on FreeBSD 13 (contributed by Mariusz Zaborski)
|
|
|
|
|
* firmware: correct return code on type change in opnsense-update
|
|
|
|
|
* firmware: fix opnsense-code pull when ABI configuration is no longer there
|
|
|
|
|
* firmware: fix upgrade with multiple repositories enabled
|
|
|
|
|
* installer: assorted wording improvements
|
|
|
|
|
* openvpn: fix invalid rules generated by wizard (contributed by kulikov-a)
|
|
|
|
|
* openvpn: return empty list when /api/openvpn/export/accounts/ is called without parameters
|
|
|
|
|
* console: throw error when opnsense-importer encounters an encrypted config.xml
|
|
|
|
|
* mvc: catch all errors including syntax and class not found errors
|
|
|
|
|
* mvc: bring back bind_textdomain_codeset() to fix possible faulty page rendering
|
|
|
|
|
* mvc: migrated framework to Phalcon 4
|
|
|
|
|
* mvc: return UUID in ApiMutableModelControllerBase::validateAndSave() if applicable
|
|
|
|
|
* plugins: added variants support to share plugin code over different third-party software versions
|
|
|
|
|
* plugins: added NO_ABI marker to themes
|
|
|
|
|
* plugins: remove the use of $main_buttons in relevant code
|
|
|
|
|
* plugins: compatibility fixes with Phalcon 4
|
|
|
|
|
* plugins: os-acme-client 2.6 `[1] <https://github.com/opnsense/plugins/blob/stable/21.1/security/acme-client/pkg-descr>`__
|
|
|
|
|
* plugins: os-etpro-telemetry 1.5 exclude stale data from telemetry upload
|
|
|
|
|
* plugins: os-freeradius 1.9.15 `[2] <https://github.com/opnsense/plugins/blob/stable/21.1/net/freeradius/pkg-descr>`__
|
|
|
|
|
* plugins: os-haproxy 3.4 `[3] <https://github.com/opnsense/plugins/blob/stable/21.1/net/haproxy/pkg-descr>`__
|
|
|
|
|
* plugins: os-maltrail 1.8 `[4] <https://github.com/opnsense/plugins/blob/stable/21.1/security/maltrail/pkg-descr>`__
|
|
|
|
|
* plugins: os-nut 1.8 `[5] <https://github.com/opnsense/plugins/blob/stable/21.1/sysutils/nut/pkg-descr>`__
|
|
|
|
|
* plugins: os-telegraf 1.11.0 `[6] <https://github.com/opnsense/plugins/blob/stable/21.1/net-mgmt/telegraf/pkg-descr>`__
|
|
|
|
|
* plugins: os-zabbix-agent 1.9 `[7] <https://github.com/opnsense/plugins/blob/stable/21.1/net-mgmt/zabbix-agent/pkg-descr>`__
|
|
|
|
|
* plugins: os-zabbix4-proxy is now a plugin variant
|
|
|
|
|
* plugins: os-zabbix5-proxy is now a plugin variant
|
|
|
|
|
* src: axgbe: make sure driver works on V1000 platform and remove unnecessary reset
|
|
|
|
|
* src: axgbe: remove unneccesary packet length check
|
|
|
|
|
* ports: clog 1.0.2 fixes garbage header write on init
|
|
|
|
|
* ports: curl 7.78.0 `[8] <https://curl.se/changes.html#7_78_0>`__
|
|
|
|
|
* ports: filterlog adds CARP IPv6 support and moves label to previously reserved spot
|
|
|
|
|
* ports: isc-dhcp 4.4.2-P1 `[9] <https://downloads.isc.org/isc/dhcp/4.4.2-P1/dhcp-4.4.2-P1-RELNOTES>`__
|
|
|
|
|
* ports: libxml 2.9.12 `[10] <http://www.xmlsoft.org/news.html>`__
|
|
|
|
|
* ports: nss 3.67 `[11] <https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.67_release_notes>`__
|
|
|
|
|
* ports: openldap 2.4.59 `[12] <https://www.openldap.org/software/release/changes.html>`__
|
|
|
|
|
* ports: pcre2 10.37 `[13] <https://www.pcre.org/changelog.txt>`__
|
|
|
|
|
* ports: phalcon 4.1.2 `[14] <https://github.com/phalcon/cphalcon/releases/tag/v4.1.2>`__
|
|
|
|
|
* ports: php 7.4.20 `[15] <https://www.php.net/ChangeLog-7.php#7.4.20>`__
|
|
|
|
|
* ports: sudo 1.9.7p1 `[16] <https://www.sudo.ws/stable.html#1.9.7p1>`__
|
|
|
|
|
* ports: suricata 5.0.7 `[17] <https://redmine.openinfosecfoundation.org/versions/166>`__
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
--------------------------------------------------------------------------
|
|
|
|
|
21.4.2 (July 09, 2021)
|
|
|
|
|
--------------------------------------------------------------------------
|
|
|
|
|